installd: change profile files to 0660
Profiling information leaks data about how people interact with apps, so we don't want the data to be available to other apps. Only the app and system_server need access. Don't create the /data/dalvik-cache/profiles directory. init.rc does it for us now. Change-Id: Ic1b44009faa30d704855e97631006c4b990a4ad3
This commit is contained in:
parent
18c9394ce1
commit
0db0f97d87
@ -1036,50 +1036,27 @@ int ensure_config_user_dirs(userid_t userid) {
|
|||||||
|
|
||||||
int create_profile_file(const char *pkgname, gid_t gid) {
|
int create_profile_file(const char *pkgname, gid_t gid) {
|
||||||
const char *profile_dir = DALVIK_CACHE_PREFIX "profiles";
|
const char *profile_dir = DALVIK_CACHE_PREFIX "profiles";
|
||||||
struct stat profileStat;
|
|
||||||
char profile_file[PKG_PATH_MAX];
|
char profile_file[PKG_PATH_MAX];
|
||||||
|
|
||||||
// If we don't have a profile directory under dalvik-cache we need to create one.
|
|
||||||
if (stat(profile_dir, &profileStat) < 0) {
|
|
||||||
// Create the profile directory under dalvik-cache.
|
|
||||||
if (mkdir(profile_dir, 0711) < 0) {
|
|
||||||
ALOGE("cannot make profile dir '%s': %s\n", profile_dir, strerror(errno));
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Make the profile directory write-only for group and other. Owner can rwx it.
|
|
||||||
if (chmod(profile_dir, 0711) < 0) {
|
|
||||||
ALOGE("cannot chown profile dir '%s': %s\n", profile_dir, strerror(errno));
|
|
||||||
rmdir(profile_dir);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (selinux_android_restorecon(profile_dir, 0) < 0) {
|
|
||||||
ALOGE("cannot restorecon profile dir '%s': %s\n", profile_dir, strerror(errno));
|
|
||||||
rmdir(profile_dir);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
snprintf(profile_file, sizeof(profile_file), "%s/%s", profile_dir, pkgname);
|
snprintf(profile_file, sizeof(profile_file), "%s/%s", profile_dir, pkgname);
|
||||||
|
|
||||||
// The 'system' user needs to be able to read the profile to determine if dex2oat
|
// The 'system' user needs to be able to read the profile to determine if dex2oat
|
||||||
// needs to be run. This is done in dalvik.system.DexFile.isDexOptNeededInternal(). So
|
// needs to be run. This is done in dalvik.system.DexFile.isDexOptNeededInternal(). So
|
||||||
// we make it world readable. Not a problem since the dalvik cache is world
|
// we assign ownership to AID_SYSTEM and ensure it's not world-readable.
|
||||||
// readable anyway.
|
|
||||||
|
|
||||||
int fd = open(profile_file, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0664);
|
int fd = open(profile_file, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0660);
|
||||||
|
|
||||||
// Open will fail if the file already exists. We want to ignore that.
|
// Always set the uid/gid/permissions. The file could have been previously created
|
||||||
|
// with different permissions.
|
||||||
if (fd >= 0) {
|
if (fd >= 0) {
|
||||||
if (fchown(fd, -1, gid) < 0) {
|
if (fchown(fd, AID_SYSTEM, gid) < 0) {
|
||||||
ALOGE("cannot chown profile file '%s': %s\n", profile_file, strerror(errno));
|
ALOGE("cannot chown profile file '%s': %s\n", profile_file, strerror(errno));
|
||||||
close(fd);
|
close(fd);
|
||||||
unlink(profile_file);
|
unlink(profile_file);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (fchmod(fd, 0664) < 0) {
|
if (fchmod(fd, 0660) < 0) {
|
||||||
ALOGE("cannot chmod profile file '%s': %s\n", profile_file, strerror(errno));
|
ALOGE("cannot chmod profile file '%s': %s\n", profile_file, strerror(errno));
|
||||||
close(fd);
|
close(fd);
|
||||||
unlink(profile_file);
|
unlink(profile_file);
|
||||||
|
Loading…
Reference in New Issue
Block a user